Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alen_Ilic
Employee
Employee
Jump to solution

'Water Torture' attack , DDoS against DNS

I dont seem to be able to find a CVE for this attack, so my question is if Check Point IPS blade can prevent these attacks? Or would that be something one would need DDoS protector? Little more info on the attack below.

 

Title: DNS Label-Prepending and -Substitution ('Water Torture') DDoS Attack Mitigation Recommendations for Authoritative DNS Servers
November 4, 2019

Description:

Netscout Arbor have observed a significant recent increase in the prevalence of DNS label-prepending and label-substitution attacks (also known as DNS 'Water Torture Attacks', which make use of DNS queries for nonexistent, programmatically-generated DNS records to force authoritative DNS servers for targeted organizations to both service the illegitimate DNS queries as well as generate large numbers of NXDOMAIN negative responses. The goal of the attacker in these circumstances is to overwhelm the resources of the authoritative DNS servers, thus rendering online properties of the targeted organization such as Web servers, email servers, et. al. unreachable due to failed name resolution. This is an indirect form of application-layer DDoS attack against the critical ancillary DNS name-resolution service, rather than directly attacking the applications and services running on targeted networks; if the DNS names for online resources cannot be resolved, they are effectively rendered unavailable to legitimate users.

1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

Yes subject to the deployment scenario & relevant behavioral protection subscriptions being licensed.

Recommend discussing further with your local CP SE.

CCSM R77/R80/ELITE

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
Without pointers to a POC or similar to confirm, it's difficult to say.
0 Kudos
Maller
Contributor

Hi 

Checkpoint anti-DDoS appliances have protection against water torture attacks?

 

thanks

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Yes subject to the deployment scenario & relevant behavioral protection subscriptions being licensed.

Recommend discussing further with your local CP SE.

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events